About Me

Chris Barton

Chris Barton
Having been with "big red" since the Dr Solomons acquisition Chris has seen many come and go but is never content to be ...

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

Facebook Users Suffer From 'Fram'

Friday, March 12, 2010 at 9:57am by Chris Barton
Chris Barton

About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. ;)

baby

However, around the coffee machine the other day I got involved in a quick discussion about spam on Facebook. A long-term social networker genuinely thought that Facebook spam did not exist and that all the noise was from Facebookers playing games or using annoying apps. So I offered to write up an example.

One of the most subversive forms of advertising on Facebook is (though I hate to admit it) fram.

You receive a post like this from a friend:

The post

(Sorry Plum)

This page uses the FBML application to render content in a tab, and that tab is the default you see.
Step one is become a fan, so that you can see the next step.

The box

This posts to your wall:

The post

The fram quickly propagates from friend to friend–and spreads virally, to almost half a million fans.

The post

Let’s return to step 2: after becoming a fan:

The post

<click>

The post

Oooh, SEKR3T CODE! <click>

The post

This bit of JavaScript is very common on Facebook pages that want to spread quickly. It selects all your friends in the invite pop-up. It is a clear sign of something you don’t want to do, and it’s almost always related to some form of scam. I ask my friends not to do it; you should do the same.

Double bubble: Because you’ve posted to your wall once that you’re a fan, why not repeat the process and “share” the page, too?

The post

Of course you want to share this, even though you have not yet seen the content.

The post

By now we hope your friends have said “no thanks” to this. That’s a vain hope, however, because they have nearly a half-million members.

The post

<click> Oh drat. I had JavaScript blocked.

The post

<click> Oh drat> I had ad-block installed.

The post

At last the Video! … on http://thiswillruinurreputation.blogspot.com/

The post

All that work and what do we see? It’s affiliate spam. :(

So there’s your example. Facebook spam is somewhat complicated and mostly initiated by your friends.

Here are my tips for avoiding wall spam. Befriend only people you know and trust. Hide all the daft apps your friends use. Hide all the friends who think the world wants to know every time they visit the bathroom. Think very very hard before granting an app permission. And please, please, please report spam on the bottom left of the wall page.

The tragedy is that the spammer didn’t lie because behind that advert on the blogspot site there really is a funny video, but to the average user friend it’s impossible to see.

32 minutes ago · Comment · Like
Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (3)

  • todd March 24, 2010 3:57PM

    Facebook has become so popular that its easy to see why they target it. I think we are only going to see more problems with facebook coming up here soon.

    Reply
  • Neil Schwartzman March 15, 2010 2:26AM

    Barton is lying. He has 183 Facebook friends. I’m one of them! Great piece, Chris.

    Reply
  • Andreas Nilsson March 14, 2010 11:50PM

    Interesting reading, personally I’ve noticed another form of facebook abuse the last couple of weeks. Several girls I don’t know have sent me friend requests. When browsing through their profiles they don’t have a lot of friends but there’s always some kind of link to where they’re supposedly “naked”.

    Reply